package morpho.etis.android.sdk.deviceauthenticator.client.keymanagement;

import android.annotation.SuppressLint;
import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import com.google.android.gms.stats.CodePackage;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.Iterator;
import java.util.List;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import morpho.etis.android.sdk.deviceauthenticator.client.utils.Configuration;
import morpho.etis.deviceauthenticator.exceptions.DeviceAuthenticatorException;

@SuppressLint({"NewApi"})
/* loaded from: classes4.dex */
public final class AndroidKeyManager extends BaseKeyManager {
    public final String encryptionKeyAlias;

    public AndroidKeyManager(Context context, String str) throws DeviceAuthenticatorException, KeyStoreException {
        super(context, str, KeyStore.getInstance(Configuration.HARD_KEYSTORE));
        String str2 = str + "enc";
        this.encryptionKeyAlias = str2;
        this.keystoreAliases.add(str2);
    }

    public static SecretKey generateEncryptionKey(String str) throws DeviceAuthenticatorException {
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(str, 3).setKeySize(128).setBlockModes(CodePackage.GCM).setEncryptionPaddings("NoPadding").setRandomizedEncryptionRequired(true).build();
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", Configuration.HARD_KEYSTORE);
            keyGenerator.init(build);
            return keyGenerator.generateKey();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new DeviceAuthenticatorException(e);
        }
    }

    public static KeyPair generateRsaKeyPair(String str) throws DeviceAuthenticatorException {
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(str, 4).setDigests("SHA-1", "SHA-256", "SHA-512").setSignaturePaddings("PKCS1", "PSS").setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4)).setRandomizedEncryptionRequired(true).build();
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", Configuration.HARD_KEYSTORE);
            keyPairGenerator.initialize(build);
            return keyPairGenerator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new DeviceAuthenticatorException(e);
        }
    }

    @Override // morpho.etis.android.sdk.deviceauthenticator.client.keymanagement.BaseKeyManager
    public void generateDeviceKeys() throws DeviceAuthenticatorException {
        KeyPair generateRsaKeyPair = generateRsaKeyPair(this.deviceKeysAlias);
        this.devicePrivateKey = generateRsaKeyPair.getPrivate();
        this.devicePublicKey = generateRsaKeyPair.getPublic();
        this.encryptionKey = generateEncryptionKey(this.encryptionKeyAlias);
    }

    @Override // morpho.etis.android.sdk.deviceauthenticator.client.keymanagement.BaseKeyManager
    public AlgorithmParameterSpec getAlgorithmParameterSpec() {
        return null;
    }

    @Override // morpho.etis.android.sdk.deviceauthenticator.client.keymanagement.BaseKeyManager
    public AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] bArr) {
        return new GCMParameterSpec(128, bArr);
    }

    @Override // morpho.etis.android.sdk.deviceauthenticator.client.keymanagement.BaseKeyManager
    public void init(boolean z) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        this.ks.load(null);
        if (z) {
            Iterator<String> it = this.keystoreAliases.iterator();
            while (it.hasNext()) {
                String next = it.next();
                if (this.ks.containsAlias(next)) {
                    this.ks.deleteEntry(next);
                }
            }
        }
    }

    @Override // morpho.etis.android.sdk.deviceauthenticator.client.keymanagement.BaseKeyManager
    public void loadKeys(List<String> list) throws NoSuchAlgorithmException, UnrecoverableEntryException, KeyStoreException, InvalidKeyException {
        super.loadKeys(list);
        if (this.encryptionKey == null) {
            throw new UnrecoverableEntryException("missing mandatory keystore element");
        }
    }

    @Override // morpho.etis.android.sdk.deviceauthenticator.client.keymanagement.BaseKeyManager
    public void save() throws DeviceAuthenticatorException {
    }

    @Override // morpho.etis.android.sdk.deviceauthenticator.client.keymanagement.BaseKeyManager
    public void storeServerCertificate(Certificate certificate) throws DeviceAuthenticatorException {
        try {
            this.ks.setCertificateEntry(this.serverCertificateAlias, certificate);
        } catch (KeyStoreException e) {
            throw new DeviceAuthenticatorException(e);
        }
    }
}
